CVE-2023-5987
Published: Nov 15, 2023
Modified: Aug 2, 2024
CVSS v3.1
6.1
Description
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.
| Vendor | Product | Versions |
|---|---|---|
Schneider Electric | EcoStruxure Power Monitoring Expert (PME) | affected Version 2020 CU2 and prioraffected Version 2021 CU1 and prior |
Schneider Electric | EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module | affected Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021affected Advanced Reporting and Dashboards Module 2020 prior to CU3 |
Schneider Electric | EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module | affected EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now